[Pki-devel] [PATCH] 668 Fixed installation summary for existing CA.
Endi Sukma Dewata
edewata at redhat.com
Fri Jan 22 15:56:49 UTC 2016
The pkispawn has been modified to display the proper summary for
external CA and existing CA cases.
https://fedorahosted.org/pki/ticket/456
--
Endi S. Dewata
-------------- next part --------------
From 9d6b801afdc4d3209c203c21b6894af52fc5355b Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Fri, 22 Jan 2016 00:03:39 +0100
Subject: [PATCH] Fixed installation summary for existing CA.
The pkispawn has been modified to display the proper summary for
external CA and existing CA cases.
https://fedorahosted.org/pki/ticket/456
---
.../python/pki/server/deployment/pkihelper.py | 1 +
.../server/deployment/scriptlets/configuration.py | 13 ++++++-------
base/server/sbin/pkispawn | 22 +++++++++++++++++++---
3 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 1db23582620fa8b4bc2abe03bb91724cb32fecf0..c5c71ef997d8d3c768324c0fdaa1124a2f4a16dc 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -504,6 +504,7 @@ class ConfigurationFile:
self.external = config.str2bool(self.mdict['pki_external'])
self.external_step_one = not config.str2bool(self.mdict['pki_external_step_two'])
self.external_step_two = not self.external_step_one
+ self.external_csr_path = self.mdict['pki_external_csr_path']
if self.external:
# generic extension support in CSR - for external CA
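Review bot: `external_csr_path` is stored as the raw string from `mdict`, but the other hunks in this patch use its truthiness as the switch between the external-CA flow and the existing-CA flow (the `if external_csr_path:` tests in configuration.py and in pkispawn's `main`). That convention is not written down in the visible lines, and a whitespace-only value would count as a path unless the config loader already strips it, which this hunk does not show. I would add a comment on the new line such as `# Empty value selects the existing-CA flow: no CSR is generated in step one.` and consider `self.mdict['pki_external_csr_path'].strip()` if stripping is not done upstream. The enclosing method starts and ends outside the hunk.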
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index 575a347c20285454b80e6394c5168c77bf2af885..a5ab3f88b6c74de7acf8ca6224c87a71e1211c08 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -96,6 +96,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
external = deployer.configuration_file.external
step_one = deployer.configuration_file.external_step_one
step_two = deployer.configuration_file.external_step_two
+ external_csr_path = deployer.configuration_file.external_csr_path
try:
if external and step_one: # external/existing CA step 1
@@ -127,16 +128,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# If filename specified, generate CA cert request and
# import it into CS.cfg.
- request_file = deployer.mdict['pki_external_csr_path']
- if request_file:
+ if external_csr_path:
nssdb.create_request(
subject_dn=deployer.mdict['pki_ca_signing_subject_dn'],
- request_file=request_file,
+ request_file=external_csr_path,
key_type=key_type,
key_size=key_size,
curve=curve,
hash_alg=hash_alg)
- with open(request_file) as f:
+ with open(external_csr_path) as f:
signing_csr = f.read()
signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64')
subsystem.config['ca.signing.certreq'] = signing_csr
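Review bot: The request file is addressed by path twice in step one (`nssdb.create_request(..., request_file=external_csr_path, ...)` writes it, then `open(external_csr_path)` reads it back) and again in step two in the next hunk, and whatever the file holds at that moment becomes `ca.signing.certreq` in CS.cfg. Nothing in the visible lines checks that the content read in step two is the request produced in step one, so the result depends on the file staying untouched while the operator waits for the external CA. A comment at the first `if external_csr_path:` would make that requirement explicit, e.g. `# external_csr_path is re-read in step two; keep it in a directory only the installing user can write to.` The scriptlet method starts before and continues after both hunks, and how `pki.nss.convert_csr` handles malformed input is not visible here.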
@@ -150,9 +150,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
elif external and step_two: # external/existing CA step 2
# If specified, import existing CA cert request into CS.cfg.
- request_file = deployer.mdict['pki_external_csr_path']
- if request_file:
- with open(request_file) as f:
+ if external_csr_path:
+ with open(external_csr_path) as f:
signing_csr = f.read()
signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64')
subsystem.config['ca.signing.certreq'] = signing_csr
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index 9c2aa2d665b2e523bae242bebb27c06c471ce2c7..bca33799c111cae40e530ec97c38cc0e06ce0223 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
@@ -616,9 +616,13 @@ def main(argv):
external = deployer.configuration_file.external
step_one = deployer.configuration_file.external_step_one
+ external_csr_path = deployer.configuration_file.external_csr_path
if external and step_one:
- print_step_one_information(parser.mdict)
+ if external_csr_path:
+ print_external_ca_step_one_information(parser.mdict)
+ else:
+ print_existing_ca_step_one_information(parser.mdict)
else:
print_install_information(parser.mdict)
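Review bot: The branch is chosen from `deployer.configuration_file.external_csr_path`, while the summary it selects prints the path from `parser.mdict['pki_external_csr_path']` (visible in the last pkispawn hunk). If those two dictionaries can differ, which the visible lines do not settle, the operator could be shown a CSR path other than the one that was actually written. Passing the value that was tested, or adding a comment such as `# parser.mdict and configuration_file.mdict hold the same pki_external_csr_path here`, would close that gap. `main` starts and ends outside the hunk.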
@@ -630,7 +634,7 @@ def set_port(parser, tag, prompt, existing_data):
parser.read_text(prompt, config.pki_subsystem, tag)
-def print_step_one_information(mdict):
+def print_external_ca_step_one_information(mdict):
print(log.PKI_SPAWN_INFORMATION_HEADER)
print(" The %s subsystem of the '%s' instance is still incomplete." %
@@ -641,7 +645,19 @@ def print_step_one_information(mdict):
% mdict['pki_external_csr_path'])
print()
print(" Submit the CSR to an external CA to generate a CA certificate\n"
- " for this subsystem.")
+ " for this subsystem. Import the CA certificate and the certificate\n"
+ " chain, then continue the installation.")
+ print(log.PKI_SPAWN_INFORMATION_FOOTER)
+
+
+def print_existing_ca_step_one_information(mdict):
+
+ print(log.PKI_SPAWN_INFORMATION_HEADER)
+ print(" The %s subsystem of the '%s' instance is still incomplete." %
+ (config.pki_subsystem, mdict['pki_instance_name']))
+ print()
+ print(" Import an existing CA certificate with the key and the CSR, and\n"
+ " the certificate chain if available, then continue the installation.")
print(log.PKI_SPAWN_INFORMATION_FOOTER)
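Review bot: `print_existing_ca_step_one_information` is added without a docstring and with a stray blank line after the `def` line, so nothing states when it is used instead of `print_external_ca_step_one_information`. A one-line docstring would record the rule that `main` applies, e.g. `"""Print the step-one summary for an existing CA (no pki_external_csr_path set, so no CSR was generated)."""`, with a matching one on the renamed external-CA function. The message also asks the operator to import the CA key but does not say where. Since that step handles private key material, naming the destination in the text would reduce the chance of it ending up somewhere unintended.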
--
2.4.3